Skip to main content

VPC Peering scenario


Requirement:

Create 3 EC2 instances (Machine A, Machine B and Machine C)in 3 different VPCs(VPC A, VPC B, VPC C). We should be able to do SSH from Machine A to Machine B and from Machine B to Machine C.
However, we should NOT be allowed to Machine B to Machine A as well as Machine C to Machine B

Solution:

1.       Create two VPC with CIDR Range 10.0.1.0/24, 10.0.2.0/24 & 10.0.3.0/24
2.       Create Subnet in respective VPC with range same as VPC CIDR
3.       Create two Internet Gateway and attach to respective VPC.
4.       In default Route Table add the default Rule (0.0.0.0/0) and target to Internet Gateway.
5.       Create Peering connections (for VPC Peering)
a.       Select the Source as VPC A and destination as VPC B
b.       Accept the Peering request
c.       Select the Source as VPC B and destination as VPC C
d.       Accept the Peering request
6.       Edit Route table A and add the route to VPC B CIDR Range and target to VPC Peering
7.       Edit Route table B and add the route to VPC A CIDR Range and target to VPC Peering
8.       Edit Route table B and add the route to VPC C CIDR Range and target to VPC Peering
9.       Edit Route table C and add the route to VPC B CIDR Range and target to VPC Peering
10.   Create three EC2 instances (VM) in the respective VPC.
11.   Edit the default NACL of VPC A
·       Edit the inbound rule to deny login from VPC B CIDR range
12.       Edit the default NACL of VPC B
·        Edit the Inbound rule to deny from VPC C CIDR Range
 
13.       Login to Machine A and check if you should be able to ssh to Machine B. And Machine B to machine C.
a.       Machine A to Machine B (Successful SSH)
b.       Machine B to Machine C (Successful SSH)
14.       SSH should not be possible from Machine B to Machine A and Machine C to machine B
a.       Machine B to Machine A (Unsuccessful SSH)
 
b.       Machine C to Machine B (Unsuccessful SSH) 
       

Comments

Popular posts from this blog

VPC Peering

VPC Peering VPC Peering feature is used when we need to establish connectivity between subnet in two different VPCs in the same or different account. Let’s take a scenario of creating VPC Peering between two VPC in the same account to keep it simple. NOTE: All the IP address and CIDR range depicted in the below diagram and subsequent steps is for example only. Step 1: Create a VPC A with CIDR Range 10.0.0.0/16 and keep Default in Tenancy dropdown.   Step 2: Create a VPC B with CIDR Range 172.16.0.0/16 and keep Default in Tenancy dropdown.  Step 3: Enter Name tag as SubNetA and map to VPC A in VPC dropdown. Note that VPC CIDRs of VPC A is auto-populated and status as associated. Selecting Availability zone is not mandatory. However, AWS will select one of the Availability Zone when we create a subnet. Enter 10.0.1.0/24 as IPv4 CIDR block and then click on Create button. Step 4: Create SubNet A and map to VPC B in VPC dropdown. Note th...

IP Sec Tunneling

Requirement: Establish connectivity between the on-premise data center and AWS data center using IPSec tunneling.  Solution: We are creating IPSec Tunneling between two VPC in a different account and the different region as we don’t have on-premise data center.  Steps to achieve this. 1.        Create VPC A with CIDR Range 10.100.0.0/16 in First account. 2.        Create Subnet A in VPC A with range 10.100.1.0/24 3.        Create Internet Gateway and attach to VPC A. 4.        Add the Route (0.0.0.0/0) in default Route Table and target to Internet Gateway. 5.        Create VPC B with CIDR Range 10.200.0.0/16 in Second account. 6.        Create Subnet B in VPC B with range 10.200.1.0/24 7.        Create Internet Gateway and attach ...

NAT Gateway

NAT Gateway Create a VPC with two subnets and allow public access to EC2 instances only on one subnet. Then enable the internet to EC2 instances in Private Subnet. Requirement: Create EC2 instance in private Subnet and provide Internet access using NAT Gateway. Solution: 1.        Create One VPC with CIDR Range 10.0.0.0/16 2.        Create a private Subnet with CIDR Range 10.0.1.0/24 3.        Create a public Subnet with CIDR Range 10.0.2.0/24 4.        Create One Internet Gateway and assign to VPC. 5.        Create one custom Route table and associate Public Subnet. a.        Create a global route (0.0.0.0/0) and target to IGW 6.        Associate private subnet to default Route table 7.        Launch one...